Link to CSS files on another domain without a mixed content warning in IE?

My sites complete the subdomain (yyy.example.com), but I have to include CSS files from the main domain (example.com). We are launching a CMS that does not allow me to do any server-side things during the preview, so I delay sending the page via https, which includes importing CSS into http. Because of this, all my IE users get a warning about mixed content.

Is there any client way to prevent this, besides storing separate security settings for the domain on each client machine?

+7
css include internet-explorer
4 answers

Use protocol-relative URLs in the CSS links.

So use

 <link rel="stylesheet" type="text/css" href="//example.com/style.css">

instead of

 <link rel="stylesheet" type="text/css" href="http://example.com/style.css">

It will automatically select the parent request protocol, which also works great for HTTPS.

+9

As far as I know, there is no way to avoid this warning. It is there for precisely this purpose: to warn you that even if you think your page is SSL-encrypted, some of its contents are not. You will either need to serve the source page via HTTP (not recommended) or use the CSS file via HTTPS.

+3
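
Added example (not part of either answer above): a Python check that lists the subresources a page would fetch over http when it is served over https. It shows why the protocol-relative link from the first answer passes while the absolute http:// link produces the warning the second answer describes. The function names, the sample page and the /preview URL are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose URL attribute loads a subresource into the page.
SUBRESOURCE_ATTRS = {"link": "href", "script": "src", "img": "src", "iframe": "src"}


class SubresourceCollector(HTMLParser):
    """Collect (tag, raw_url) for every subresource reference in a page."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        attr_map = dict(attrs)
        url_attr = SUBRESOURCE_ATTRS.get(tag)
        if url_attr is None or not attr_map.get(url_attr):
            return
        # Only stylesheet <link>s are checked; other rel values are out of scope here.
        rel = (attr_map.get("rel") or "").lower().split()
        if tag == "link" and "stylesheet" not in rel:
            return
        self.refs.append((tag, attr_map[url_attr]))


def find_mixed_content(html, page_url):
    """Return [(tag, raw_url, resolved_url)] for loads fetched over http
    when the page itself is served from page_url over https."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only exists on an https page
    collector = SubresourceCollector()
    collector.feed(html)
    # urljoin makes "//host/x" inherit the page's scheme, as the browser does.
    resolved = [(tag, raw, urljoin(page_url, raw)) for tag, raw in collector.refs]
    return [ref for ref in resolved if urlsplit(ref[2]).scheme == "http"]


# Constructed sample page: absolute http link, protocol-relative link, relative path.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" type="text/css" href="http://example.com/style.css">
<link rel="stylesheet" type="text/css" href="//example.com/style.css">
<script src="/js/app.js"></script>
</head><body></body></html>"""

if __name__ == "__main__":
    for tag, raw, url in find_mixed_content(SAMPLE_HTML, "https://yyy.example.com/preview"):
        print(f"mixed content: <{tag}> {raw} -> {url}")
```

Run against the sample, only the absolute http:// stylesheet is reported; the protocol-relative and relative references resolve to https.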

When you say that you cannot do "server" things, do you mean that you cannot touch your CMS or that you do not have root access to your HTTP server?

Because if you have access to your HTTP server, you can configure a very simple reverse proxy (with mod_proxy if you use Apache). This will allow you to use relative paths in your HTML, while the HTTP server acts as a proxy for any remote location. In fact, this method can also be used to mitigate some problems with cross-site scripting.

The main configuration directive for setting up reverse proxies in mod_proxy is ProxyPass. Usually you use it as follows:

 ProxyPass /css/ http://example.com/css_dir/ 

In this case, the browser will request https://yyy.example.com/css/main.css, but the server will serve it by acting as a proxy for http://example.com/css_dir/main.css. It will not trigger a browser warning and works great with SSL.

+1